SharpSphere gives red teamers the ability to easily interact with the guest operating systems of virtual machines managed by vCenter. It uses the vSphere Web Services API and exposes the following functions:
SharpSphere supports execution through Cobalt Strike’s execute-assembly.
Compilation
Compiled versions can be found here.
If you compile yourself you’ll need to use ILMerge
to combine SharpSphere.exe and CommandLine.dll in the Releases
folder.
Usage
SharpSphere.exe help
list List all VMs managed by this vCenter
execute Execute given command in target VM
c2 Run C2 using C3’s VMwareShareFile module
upload Upload file to target VM
download Download file from target VM
help Display more information on a specific command.
version Display version information.
SharpSphere.exe list –help
–url Required. vCenter SDK URL, i.e. https://127.0.0.1/sdk
–username Required. vCenter username, i.e. administrator@vsphere.local
–password Required. vCenter password
SharpSphere.exe execute –help
–url Required. vCenter SDK URL, i.e. https://127.0.0.1/sdk
–username Required. vCenter username, i.e. administrator@vsphere.local
–password Required. vCenter password
–ip Required. Target VM IP address
–guestusername Required. Username used to authenticate to the guest OS
–guestpassword Required. Password used to authenticate to the guest OS
–command Required. Command to execute
–output (Default: false) Flag to receive the output. Will create a temporary file in C:\Users\Public on the
guest to save the output. This is then downloaded and printed to the console and the file deleted.
SharpSphere.exe c2 –help
–url Required. vCenter SDK URL, i.e. https://127.0.0.1/sdk
–username Required. vCenter username, i.e. administrator@vsphere.local
–password Required. vCenter password
–ip Required. Target VM IP address
–guestusername Required. Username used to authenticate to the guest OS
–guestpassword Required. Password used to authenticate to the guest OS
–localdir Required. Full path to the C3 directory on this machine
–guestdir Required. Full path to the C3 directory on the guest OS
–inputid Required. Input ID configured for the C3 relay running on this machine
–outputid Required. Output ID configured for the C3 relay running on this machine
SharpSphere.exe upload –help
–url Required. vCenter SDK URL, i.e. https://127.0.0.1/sdk
–username Required. vCenter username, i.e. administrator@vsphere.local
–password Required. vCenter password
–ip Required. Target VM IP address
–guestusername Required. Username used to authenticate to the guest OS
–guestpassword Required. Password used to authenticate to the guest OS
–source Required. Full path to local file to upload
–destination Required. Full path to location where file should be uploaded
SharpSphere.exe download –help
–url Required. vCenter SDK URL, i.e. https://127.0.0.1/sdk
–username Required. vCenter username, i.e. administrator@vsphere.local
–password Required. vCenter password
–ip Required. Target VM IP address
–guestusername Required. Username used to authenticate to the guest OS
–guestpassword Required. Password used to authenticate to the guest OS
–source Required. Full path in the guest to the file to upload
–destination Required. Full path to the local directory where the file should be downloaded
SharpSphere.exe dump –help
–url Required. vCenter SDK URL, i.e. https://127.0.0.1/sdk
–username Required. vCenter username, i.e. administrator@vsphere.local
–password Required. vCenter password
–targetvm Required. VM to snapshot
–snapshot (Default: false) WARNING: Creates and then deletes a snapshot. If unset, SharpSphere will only
extract memory from last existing snapshot, or none if no snapshots are available.
–destination Required. Full path to the local directory where the file should be downloaded
Future Features
--verbose
option for listing VMs--quiet
flag to not mention every packet that’s transferred--testauth
flag to confirm guest credentials are validKali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…